[SRU][N/J][PATCH 0/2] CVE-2025-38561
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Nov 26 14:29:12 UTC 2025
https://ubuntu.com/security/CVE-2025-38561
[ Impact ]
ksmbd: fix Preauh_HashValue race condition
If client send multiple session setup requests to ksmbd,
Preauh_HashValue race condition could happen.
There is no need to free sess->Preauh_HashValue at session setup phase.
It can be freed together with session at connection termination phase.
[ Fix ]
Backport the fix commit from upstream:
* 44a3059c4c8cc ksmbd: fix Preauh_HashValue race condition
[ Test Plan ]
Compile tested.
[ Where Problems Could Occur ]
The regression potential is very low.
The fix simply defers memory deallocation
from session setup to connection termination,
where cleanup already occurs.
The only impact is marginally increased memory consumption
per session, which is negligible compared to overall session state overhead.
More information about the kernel-team
mailing list